How to Close the Door on Ripple20 Vulnerabilities by


                    Combining Local Security with Software Defined

                                                     Perimeters

                                By Don Boxley, Co-founder and CEO, DH2i [https://dh2i.com]




            Cyber security researchers at the independent security research group JSOF recently discovered at least
            19 security vulnerabilities that are found at the base of almost all Internet of Things (IoT) products. The
            zero-day vulnerabilities were found in a TCP/IP software library that Treck, Inc. developed — the software
            library is widely used in IoT devices, and the supply chain amplifies the vulnerabilities. According to the
            researchers, this series of vulnerabilities — dubbed "Ripple20" not for the number of vulnerabilities but
            for their impact and ripple effect on internet-connected devices in 2020 — affects “hundreds of millions
            of devices (or more) and include[s] multiple remote code execution vulnerabilities.”




            On the JSOF website, the researchers spell out just how high the inherent risks are in this situation, giving
            the following as examples of potential consequences of these 19 vulnerabilities. Attackers could:




               •  Steal data off of a printer
               •  Change an infusion pump’s behavior
               •  Create malfunctions in industrial control devices
               •  Hide malicious code within embedded devices that stays there for years
               •  Enable outside entry into network boundaries





            Cyber Defense eMagazine – September 2020 Edition                                                                                                                                                                                                         92
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.